CVE-2018-19790

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.7.x through 2.7.49 Symfony versions 2.8.x through 2.8.48 Symfony versions 3.x through 3.4.19 Symfony versions 4.0.x through 4.0.14 Symfony versions 4.1.x through 4.1.8 Symfony versions 4.2.x through 4.2.0

Description: An open redirect issue was found, allowing an attacker to bypass redirection target restrictions by using backslashes in the failure path input field of login forms. This enables the attacker to redirect the user to any domain after login, potentially leading to unauthorized access to information or execution of arbitrary code.

Recommendations: For Symfony versions 2.7.x through 2.7.49, update to version 2.7.50 or later. For Symfony versions 2.8.x through 2.8.48, update to version 2.8.49 or later. For Symfony versions 3.x through 3.4.19, update to version 3.4.20 or later. For Symfony versions 4.0.x through 4.0.14, update to version 4.0.15 or later. For Symfony versions 4.1.x through 4.1.8, update to version 4.1.9 or later. For Symfony versions 4.2.x through 4.2.0, update to version 4.2.1 or later.